Threat Modeling: Protecting Our Nation’s Software-Intensive Systems

Podcast
Our latest podcast explores how threat models can guide system requirements, system design, and operational choices to identify and mitigate threats.
Publisher

Software Engineering Institute

DOI (Digital Object Identifier)
10.58012/1j7w-j684

Abstract

While understanding cyber threats to complex software-intensive systems is important, identifying threats and their mitigations early in the design of a system helps reduce the cost of fixing them. In response to Executive Order (EO) 14028, Improving the Nation’s Cybersecurity, the National Institute of Standards and Technology (NIST) recommended 11 practices for software verification. Threat modeling is at the top of the list. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Natasha Shevchenko and Alex Vesey, both engineers with the SEI’s CERT Division, sit down with Timothy Chick, technical manager of CERT’s Applied Systems Group, to discuss how threat modeling can be used to protect software-intensive systems from attack. Specifically, they explore how threat models can guide system requirements, system design, and operational choices to identify and mitigate threats.

About the Speaker

Nataliya Shevchenko

Nataliya Shevchenko is a senior member of the technical staff within the CERT Division of the Carnegie Mellon University Software Engineering Institute (CMU SEI). She specializes in system engineering, model-based system engineering (MBSE), and threat-modeling methods. She has a breadth of experience across the software development lifecycle for more than …

Timothy A. Chick

Timothy A. Chick is the CERT Applied Systems Group Technical Manager at Carnegie Mellon University’s (CMU) Software Engineering Institute (SEI). He currently leads a team of software and system engineers as they build and operate technical solutions for both internally funded research and customer-facing prototypes and delivers trusted, valued, …
